I have a domain that I moved to route 53, to simplify interoperability with other AWS services. I created a hosted zone, and added a CNAME record for a WWW subdomain. I then went to the ACM and generated a cert, clicking on the 'Create records in Route53' button. This auto generated the CNAME entry to allow AWS to validate that I am the owner of the domain. After waiting a day or so, it is still in 'pending validation state', and I am at a loss for how how to resolve this.
- I tried nuking and regenerating the hosted zone.
- I double checked that no CAA record needed to be created.
- I tried hand editing the CNAME key and value to ensure that the correct values were present.
- I tried setting the TTL to 60 seconds to see if that would help speed things up.
- There are no other certs or DNS entries to confuse the validation scripts.
- I have waited multiple hours after changes, several days in some cases.
As far as I can tell, I have set up the ultimate 'happy path simple scenario' for getting a valid cert installed, and it still doesn't seem to work.
I am missing something simple?